63 matches found
CVE-2026-29202
Insufficient input validation of the plugin parameter of the createuser plugin allows arbitrary Perl code execution on behalf of the already authenticated account's system user...
AVideo: IDOR - Any Admin Can Set Another User's Channel Password via setPassword.json.php
Summary: The setPassword.json.php endpoint in the CustomizeUser plugin allows administrators to set a channel password for any user. Due to a logic error in how the submitted password value is processed, any password containing non-numeric characters is silently coerced to the integer zero before...
CVE-2025-69293 WordPress Final User plugin <= 1.2.5 - Privilege Escalation vulnerability
Incorrect Privilege Assignment vulnerability in e-plugins Final User final-user allows Privilege Escalation. This issue affects Final User: from n/a through <= 1.2.5...
CVE-2025-69187 WordPress Final User plugin <= 1.2.5 - Broken Access Control vulnerability
Missing Authorization vulnerability in e-plugins Final User final-user allows Exploiting Incorrectly Configured Access Control Security Levels. This issue affects Final User: from n/a through <= 1.2.5...
CVE-2025-69187
CVE-2025-69187 is reported as a Missing Authorization vulnerability in the WordPress plugin Final User (Final User / final-user), affecting versions from n/a through <= 1.2.5. The CVSS vector (AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L) yields a base score of 7.3 (High) with network attack vector, low...
WordPress Final User plugin <= 1.2.5 - Broken Access Control vulnerability
Broken Access Control vulnerability discovered by Phat RiO - BlueRock in WordPress Plugin Final User versions <= 1.2.5...
EUVD-2021-11946
Malware in sbrugna...
EUVD-2020-16575
Malware in sbrugna...
EUVD-2025-25633
Malicious code in bioql PyPI...
EUVD-2022-51859
Malicious code in bioql PyPI...
WordPress plugin Bravis User security vulnerability
WordPress and WordPress plugin are both products of the WordPress Foundation. WordPress is a blogging platform developed using the PHP language. The platform supports setting up personal blog sites on servers with PHP and MySQL. WordPress plugin is an application plugin. A security vulnerability...
PT-2025-34522 · WordPress · Bravis User
Name of the Vulnerable Software and Affected Versions: Bravis User plugin for WordPress versions up to and including 1.0.0. Description: The plugin does not properly log in a user with data verified through the facebook ajax login callback function, leading to authentication bypass. This allows...
WordPress Bravis User plugin <= 1.0.0 - Authentication Bypass to Account Takeover vulnerability
Authentication Bypass to Account Takeover vulnerability discovered by Phat RiO - BlueRock in WordPress Plugin Bravis User versions <= 1.0.0...
WordPress Case Theme User plugin <= 1.0.3 - Authentication Bypass via Social Login vulnerability
Authentication Bypass via Social Login vulnerability discovered by Foxyyy in WordPress Plugin Case Theme User versions <= 1.0.3...
CVE-2023-0043
The Custom Add User WordPress plugin through 2.0.2 does not sanitise and escape a parameter before outputting it back in the page, leading to a Reflected Cross-Site Scripting which could be used against high privilege users such as admin...
CVE-2023-27890
The Export User plugin through 2.0 for MyBB allows XSS during the process of an admin generating DSGVO data for a user, via the Custom User Title, Location, or Bio field. NOTE: This vulnerability only affects products that are no longer supported by the maintainer...
CVE-2022-4519
The WP User plugin for WordPress is vulnerable to Stored Cross-Site Scripting via its settings parameters in versions up to, and including, 7.0 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with administrator-level permissions and...
CVE-2021-25034
The WP User WordPress plugin before 7.0 does not sanitise and escape some parameters in pages where the wpuser shortcode is used, leading to Reflected Cross-Site Scripting issues...